<?php 

error_reporting(0);

include_once '../conf/db-config.php';
//get the posted values
$user_name=htmlspecialchars($_POST['user_name'],ENT_QUOTES);
$pass= $_POST['password'];
//print $pass;
$sql="SELECT id, user_name, is_admin, password FROM tbl_users WHERE user_name='".$user_name."'";

$result=mysql_query($sql);
while ($row = mysql_fetch_array($result))
{
	$user_id = $row['id'];
	$is_admin = $row['is_admin'];
	
	if(strlen($user_id)>0)
	{
		if($row['password']==$pass)
		{
			session_start();
			$_SESSION['u_name']=$user_name; 
			$_SESSION['user_id']=$user_id;
			$_SESSION['is_admin']=$is_admin;
			
			if(strlen($_SESSION['u_name'])>0)
			{
				?>
				<script>
				window.open("admin-homepage.php","_self");
				</script>
				<?php 
			}
			else 
			{
				?>
				<script>
				window.open("admin-login.php","_self");
				</script>
				<?php 
			}
		}
		else
		{
			?>
				<script>
				window.open("admin-login.php?login=false","_self");
				</script>
				<?php 
			
		}
	}
	else
	{
		?>
				<script>
				window.open("admin-login.php?login=false","_self");
				</script>
				<?php 
	}
}


?>
